Addressing the "Multi-agent privacy" deadlock
9 Jul 2026
Let's summarise it with a use case: the "scheduling problem"
In two years, this will be an everyday scenario: Your AI agent needs to find a meeting slot with a colleague. Their AI agent controls their calendar. The two agents coordinate. Agent A queries Agent B's calendar. B's full schedule (personal appointments, health entries, confidential meetings) is exposed instead of a boolean Free/Not free.
With a proper regulated "authorization architecture", however, the picture would change entirely: Agent A proposes a calendar query to B's authorization backend. B's backend evaluates the request against B's stored policies. It returns only boolean availability windows (free or busy). No content, context nor details and meeting scheduled.
The multi-agent coordination architecture requires a "privacy firewall between agents". At ID side, we have been building exactly this architecture for years, not because we anticipated every use case, but because we started from GDPR first principles: consent should be user-defined, machine-enforceable, and travel with the user, not be solicited afresh by every service (data protection by design).
What we did not fully anticipate, back in 2020, was how quickly this architecture would become essential, beyond AdTech, in AI agents' world, in automated decision-making, in the very infrastructure of a connected, intelligent digital world.
What ID side does now, as part of our R&D and sandoxing missions, is to exchange erlentlessly with Big Tech players from all continents but also digital regulation leaders. Regulation, at its best, does not lag behind innovation. It anticipates it. texteArticle 88b GDPR (EU digital omnibus) is a striking example: it prepares the ground for a standardised, automated consent signal mechanism -in other words: an ethical, sustainable, human-controlled consent infrastructure for real privacy control in the digital & AI environment.
But anticipation alone is not enough. For regulation to work, it must be accompanied by a willingness to test, to learn, and to adapt (to move from principle to practice, from text to technical reality). This is where leading EU governments, notably France, with its long-standing commitment to digital sovereignty and fundamental rights, have a unique role to play. From regulating to testing, sandboxing might help bridging between regulatory vision and market-ready implementation -notably for EU standards to be not only ambitious in principle, but operable in practice.
In two years, this will be an everyday scenario: Your AI agent needs to find a meeting slot with a colleague. Their AI agent controls their calendar. The two agents coordinate. Agent A queries Agent B's calendar. B's full schedule (personal appointments, health entries, confidential meetings) is exposed instead of a boolean Free/Not free.
With a proper regulated "authorization architecture", however, the picture would change entirely: Agent A proposes a calendar query to B's authorization backend. B's backend evaluates the request against B's stored policies. It returns only boolean availability windows (free or busy). No content, context nor details and meeting scheduled.
The multi-agent coordination architecture requires a "privacy firewall between agents". At ID side, we have been building exactly this architecture for years, not because we anticipated every use case, but because we started from GDPR first principles: consent should be user-defined, machine-enforceable, and travel with the user, not be solicited afresh by every service (data protection by design).
What we did not fully anticipate, back in 2020, was how quickly this architecture would become essential, beyond AdTech, in AI agents' world, in automated decision-making, in the very infrastructure of a connected, intelligent digital world.
What ID side does now, as part of our R&D and sandoxing missions, is to exchange erlentlessly with Big Tech players from all continents but also digital regulation leaders. Regulation, at its best, does not lag behind innovation. It anticipates it. texteArticle 88b GDPR (EU digital omnibus) is a striking example: it prepares the ground for a standardised, automated consent signal mechanism -in other words: an ethical, sustainable, human-controlled consent infrastructure for real privacy control in the digital & AI environment.
But anticipation alone is not enough. For regulation to work, it must be accompanied by a willingness to test, to learn, and to adapt (to move from principle to practice, from text to technical reality). This is where leading EU governments, notably France, with its long-standing commitment to digital sovereignty and fundamental rights, have a unique role to play. From regulating to testing, sandboxing might help bridging between regulatory vision and market-ready implementation -notably for EU standards to be not only ambitious in principle, but operable in practice.
